1

I'm creating a Django app, aimed at organizations that will have several users. So in the models, I have organizations and users, and organizations should be independent.

First user of an organization to signup will be admin, next users to signup will be employees. Admin can create user groups (usergroups/roles) to set the employees' permissions within the app.

Django already allows this, but a Django admin can edit all users right? Is there a way to have a manager by organization, who could only see and edit its employees permissions and not see all the users in database?

Alexandre Paroissien
  • 627
  • 1
  • 5
  • 17
  • 1
    What do you mean of `who could only see and edit its employees permissions and not see all the users in database`? – aircraft Aug 31 '17 at 11:14
  • 1
    A Django admin can view all users and edit their permissions in Django admin page. I would like to have several distinct organizations (groups of users) and an admin per organization who could only see the users of this organization and edit their permissions – Alexandre Paroissien Aug 31 '17 at 11:17

1 Answers1

2

What you could do is to override your get_queryset on a ModelAdmin

class ClassAdmin(admin.ModelAdmin):
    def get_queryset(self, request):
        qs = super(ClassAdmin, self).get_queryset(request)
        if your_condition:
            return qs.filter(b='bar')
        return qs.filter(b='foo')

when you register your class to admin, don't forget to do admin.site.register(Class, ClassAdmin)

bobleujr
  • 1,179
  • 1
  • 8
  • 23
  • Thanks that's a good trick, and would there be a way to keep one global superadmin able to view and edit everything? – Alexandre Paroissien Sep 01 '17 at 07:53
  • 1
    Yes, definitely.. In this case you could add a condition ``if request.user.is_superuser:`` return ``qs.objects.all()`` – bobleujr Sep 01 '17 at 15:12
  • Ok thanks for your help so far, my last question would be is it possible to also restrict the query displaying existing permissions? What I mean by that, is we would have permissions allowing users to manage social accounts of the organization, so we would need to only display the permissions to manage the social accounts of the organization of the current user being edited. I hope that's clear – Alexandre Paroissien Sep 05 '17 at 10:32
  • 1
    I couldn't quite get the entire idea but I think what you are looking for is to use permissions to restrict the displayed, that is it? Or are you looking to use the built-in permission system in Django? – bobleujr Sep 05 '17 at 19:33
  • 2
    Ok so I'm trying to see if I can use built-in permissions in Django to do what I want, and I'd like to have the admin of each organization able to edit the users of this organization (you helped me do it by modifying Django query), and now I'd like the organization's admin to only see the permissions of this organization (permissions would be specific to each organization), is it possible to personalize this too per organization? Thanks – Alexandre Paroissien Sep 06 '17 at 11:43
  • @AlexandreParoissien did you get the solution for creating user hierarchy in django which you stated in this comment involving mutliple organizations? – user956424 Nov 18 '19 at 05:07
  • @user956424 You can customize django user model to have a foreign key to your organization model, or better you can create a user profile model between your user and organization, which is more flexible and I would recommend it https://simpleisbetterthancomplex.com/tutorial/2016/07/22/how-to-extend-django-user-model.html – Alexandre Paroissien Jan 06 '20 at 19:42